Dependency management with Composer
Dependency management with Composer Presentation Transcript

  • 1. Dependency management with Composer
    Jason Grimes / @jason_grimes / jason@grimesit.com
    Triangle PHP - June 2013
  • 2. Composer is a dependency manager for PHP. Like npm in Node, or bundler in Ruby.
  • 3. What are dependencies? Third-party libraries or other assets your project depends on which are stored in a separate repository from your project sources.
  • 4. A dependency manager lets you:
      • Define dependencies in a version controlled config file.
      • Download & install them all with one command.
      • Have identical versions in all project environments.
      • Automate this part of your build process.
  • 5. Composer vs PEAR
      Composer: per-project, open inclusion, central repository
      PEAR: system-wide, strict control, dispersed channels
    Composer is becoming the de-facto standard.
  • 6. Installing Composer:
        $ curl -sS https://getcomposer.org/installer | php
        $ sudo mv composer.phar /usr/local/bin/composer
  • 7. Keeping Composer up to date periodically:
        $ sudo composer self-update
        Updating to version d498e73363f8dae5b9984bf84ff2a2ca27240925.
            Downloading: 100%
  • 8. Two main use cases:
      • Managing dependencies in a project
      • Distributing a library
  • 9. Managing dependencies in a project
  • 10. Getting a dependency:
        $ cd ~/myproject
        $ vim composer.json
            {
                "require": {
                    "silex/silex": "~1.0"
                }
            }
        $ composer install
  • 11. $ composer install
        Loading composer repositories with package information
        Installing dependencies (including require-dev)
          - Installing psr/log (1.0.0)
            Loading from cache
          - Installing symfony/routing (v2.3.0)
            Loading from cache
          - Installing symfony/debug (v2.3.1)
            Downloading: 100%
          - Installing symfony/http-foundation (v2.3.1)
            Downloading: 100%
          - Installing symfony/event-dispatcher (v2.3.0)
            Loading from cache
          - Installing symfony/http-kernel (v2.3.0)
            Loading from cache
          - Installing pimple/pimple (v1.0.2)
            Loading from cache
          - Installing silex/silex (v1.0.0)
            Loading from cache
        symfony/routing suggests installing symfony/config ()
        ...
        Writing lock file
        Generating autoload files
  • 12. Packages are installed in the vendor/ subdirectory
        $ ls vendor
        autoload.php  composer/  pimple/  psr/  silex/  symfony/
  • 13. Specifying versions
        "~1.2"          Recommended. “Up to next significant release.” (semver)
        ">=1.2,<2.0"
        "1.2.*"
        "1.2.3"
  • 14. Only stable packages are installed by default. Get a non-stable version like this:
        {
            "require": {
                "silex/silex": "~1.0@dev"
            }
        }
    Stability flags, in order of priority: dev, alpha, beta, RC, and stable.
    To get the latest commit from the master branch:
        {
            "require": {
                "silex/silex": "dev-master"
            }
        }
  • 15. Ensuring identical versions in all project environments
  • 16. Two important files:
      • composer.json - the config file. Specifies versions as flexible patterns.
      • composer.lock - the lock file. Automatically written by composer. Lists the exact versions that were installed.
    Both files should be stored in version control.
  • 17. Two important commands:
      • composer install - Install dependencies, using the versions listed in composer.lock.
      • composer update - Determine the latest allowed versions, install them, and write the version numbers to composer.lock.
  • 18. You can specify which packages to update, leaving the others untouched:
        $ composer update monolog/monolog
    This can be useful when adding a new dependency.
  • 19. Remember: composer update might break things. Only run it in dev environments. Commit composer.lock to version control when you’re ready to deploy the new versions.
  • 20. composer install ensures you have the exact same versions as everyone else using that composer.lock file. Run composer install in your build scripts.
  • 21. Autoloading
  • 22. Composer sets up autoloading of your dependencies (for free). Just include vendor/autoload.php:
        <?php
        require 'vendor/autoload.php';
        $app = new Silex\Application();
  • 23. You can also use composer to configure autoloading for your own code.
    composer.json:
        {
            "require": {...},
            "autoload": {
                "psr-0": {"MyApp": "src/"}
            }
        }
    Then:
        <?php
        require 'vendor/autoload.php';
        $app = new MyApp\Foo(); // From src/MyApp/Foo.php
  • 24. Various autoloading conventions are supported.
        "autoload": {
            "psr-0": {
                "MyApp\\Test": "src/test",
                "MyApp_": "src",
                "": "src/"
            },
            "classmap": ["src/", "lib/", "Something.php"],
            "files": ["src/MyLibrary/functions.php"]
        }
    psr-0:
        MyApp\Test\FooTest => src/test/MyApp/Test/FooTest.php
        MyApp_Foo => src/MyApp/Foo.php
        Foo => src/Foo.php
    classmap: Search for classes in *.php and *.inc files in these locations, and generate a key/value array mapping class names to files.
    files: Explicitly load these files on every request.
  • 25. You can generate the autoload files without running an install or update:
        $ composer dump-autoload
    In production, you can generate a class map for all classes, to optimize performance:
        $ composer dump-autoload --optimize
  • 26. Finding packages
  • 27. https://packagist.org
  • 28. $ composer search oauth2 server
        adoy/oauth2 Light PHP wrapper for the OAuth 2.0 protocol (based on OAuth 2.0 Authorization Protocol draft-ietf-oauth-v2-15)
        drahak/oauth2 Nette OAuth2 Provider bundle
        opauth/oauth2 Base OAuth2 strategy for Opauth
        zircote/oauth2 OAuth2 Library, this is by no means complete nor is the test coverage optimal, mileage may (will) vary.
        friendsofsymfony/oauth2-php OAuth2 library
        bshaffer/oauth2-server-php OAuth2 Server for PHP
        league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
        ...
  • 29. $ composer show league/oauth2-server
        name     : league/oauth2-server
        descrip. : A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
        keywords : authorization, api, Authentication, oauth, oauth2, server, resource
        versions : dev-master, 2.1.1, 2.1, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0, 1.0.8, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0, 0.4.2, 0.4.1, 0.4, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3, 0.2.3, 0.2.2, 0.2.1, 0.2, dev-develop, dev-temp
        type     : library
        license  : MIT
        source   : [git] https://github.com/php-loep/oauth2-server.git 2.1.1
        dist     : [zip] https://api.github.com/repos/php-loep/oauth2-server/zipball/2.1.1 2.1.1
        names    : league/oauth2-server, lncd/oauth2, league/oauth2server
        autoload
        psr-0
        League\OAuth2\Server => src/
        requires
        php >=5.3.0
        requires (dev)
        mockery/mockery >=0.7.2
        suggests
        zetacomponents/database Allows use of the build in PDO storage classes
        replaces
        lncd/oauth2 *
        league/oauth2server *
  • 30. Bootstrapping a project
  • 31. $ composer create-project fabpot/silex-skeleton ~/myproject
    create-project clones a project skeleton and installs its dependencies.
  • 32. $ composer create-project fabpot/silex-skeleton ~/myproject
        Installing fabpot/silex-skeleton (v1.0.0)
          - Installing fabpot/silex-skeleton (v1.0.0)
            Downloading: 100%
        Created project in /home/vagrant/myproject
        Loading composer repositories with package information
        Installing dependencies (including require-dev)
          - Installing psr/log (1.0.0)
            Loading from cache
          - Installing twig/twig (v1.13.1)
            Downloading: 100%
          - Installing symfony/icu (v1.2.0)
            Downloading: 100%
          - Installing symfony/intl (v2.3.1)
            Downloading: 100%
        ...
        symfony/twig-bridge suggests installing symfony/templating ()
        ...
        Writing lock file
        Generating autoload files
  • 33. $ ls ~/myproject
        cache/  composer.json  composer.lock  config/  console  logs/  src/  templates/  vendor/  web/
  • 34. Adding another dependency from the command line
        $ composer require doctrine/dbal:~2.3
        composer.json has been updated
        Loading composer repositories with package information
        Updating dependencies (including require-dev)
          - Installing doctrine/common (2.3.0)
            Loading from cache
          - Installing doctrine/dbal (2.3.4)
            Loading from cache
        Writing lock file
        Generating autoload files
  • 35. Distributing a library
  • 36. Any directory with a composer.json file is a package. To be installable, a package just needs a name:
        {
            "name": "myvendorname/my-package",
            "require": {...}
        }
  • 37. Recommended info for composer.json
        {
            "name": "jasongrimes/silex-simpleuser",
            "description": "A simple db-backed user provider for Silex.",
            "keywords": ["silex", "user", "user provider"],
            "homepage": "http://github.com/jasongrimes/silex-simpleuser",
            "license": "MIT",
            "authors": [
                {"name": "Jason Grimes", "email": "jason@grimesit.com"}
            ],
            "require": { ... },
            "autoload": {
                "psr-0": {"JGSimpleUser": "src/"}
            },
            "suggest": {
                "monolog/monolog": "Allows more advanced logging."
            }
        }
  • 38. Specify versions with tags in your VCS. Tags should match X.Y.Z or vX.Y.Z with optional RC, beta, alpha or patch suffix.
        1.0.0
        v1.0.0
        1.10.5-RC1
        v4.4.4beta2
        v2.0.0-alpha
        v2.0.4-p1
  • 39. “dev” versions are created automatically for every branch
  • 40. Branch names that look like versions become {branch}-dev:
        2.0 => 2.0.x-dev
        1.2.x => 1.2.x-dev
  • 41. Other branch names become dev-{branch}:
        master => dev-master
        bugfix => dev-bugfix
  • 42. Specifying system requirements
        {
            "require": {
                ...
                "php": ">=5.3",
                "ext-PDO": "~1.0@dev",
                "lib-openssl": "openssl"
            }
        }
    Run composer show --platform for a list of locally available platform packages.
  • 43. Executing scripts with Composer
    composer.json:
        {
            "scripts": {
                "post-update-cmd": "MyVendor\\MyClass::postUpdate",
                "post-package-install": ["MyVendor\\MyClass::postPackageInstall"],
                "post-install-cmd": [
                    "MyVendor\\MyClass::warmCache",
                    "phpunit -c app/"
                ]
            }
        }
    Many other pre- and post- event hooks are supported.
  • 44. Submitting to Packagist: https://packagist.org
  • 45. If using github, add a service hook. Packagist will update whenever you push, instead of being crawled only once daily. https://github.org
  • 46. Custom repositories
  • 47. Maintaining your own forks
    When you fix a bug in a third-party library, use your own fork until your fix gets accepted upstream.
        {
            "repositories": [
                {
                    "type": "vcs",
                    "url": "https://github.com/jasongrimes/monolog"     <- Your fork
                }
            ],
            "require": {
                "monolog/monolog": "dev-bugfix"                         <- Branch with your fix
            }
        }
    Custom repos have priority over packagist, so your fork gets used instead of the original.
  • 48. PEAR packages
        {
            "repositories": [
                {
                    "type": "pear",
                    "url": "http://pear2.php.net"
                }
            ],
            "require": {
                "pear-pear2.php.net/PEAR2_Text_Markdown": "*",
                "pear-pear2/PEAR2_HTTP_Request": "*"
            }
        }
  • 49. Non-composer packages
        {
            "repositories": [
                {
                    "type": "package",
                    "package": {
                        "name": "smarty/smarty",
                        "version": "3.1.7",
                        "dist": {
                            "url": "http://smarty.net/Smarty-3.1.7.zip",
                            "type": "zip"
                        },
                        "source": {
                            "url": "http://smarty-php.googlecode.com/svn/",
                            "type": "svn",
                            "reference": "tags/Smarty_3_1_7/distribution/"
                        },
                        "autoload": {
                            "classmap": ["libs/"]
                        }
                    }
                }
            ],
            "require": {
                "smarty/smarty": "3.1.*"
            }
        }
  • 50. Private repositories
  • 51. Use Satis to generate private Composer repositories.
        $ composer create-project composer/satis --stability=dev
        $ vim config.json
            {
                "repositories": [
                    { "type": "vcs", "url": "http://github.com/mycompany/privaterepo" },
                    { "type": "vcs", "url": "http://svn.example.org/private/repo" },
                    { "type": "vcs", "url": "http://github.com/mycompany/privaterepo2" }
                ],
                "require": {
                    "company/package": "*",
                    "company/package2": "*",
                    "company/package3": "2.0.0"
                }
            }
        $ php bin/satis build config.json web/
    Builds static repo in web/
  • 52. Use your private repo like any other:
        {
            "repositories": [
                { "type": "composer", "url": "http://packages.example.org/" }
            ],
            "require": {
                "company/package": "1.2.0",
                "company/package2": "1.5.2",
                "company/package3": "dev-master"
            }
        }
  • 53. In conclusion...
  • 54. Use Composer to:
      • ...install dependencies not stored in your project’s VCS repo.
      • ...ensure identical versions in all your project’s environments.
      • ...handle autoloading.
      • ...distribute your open source libraries.
      • ...manage your private repositories.
  • 55. Resources
      • http://getcomposer.org
      • https://packagist.org/
      • #composer on freenode
    Jason Grimes / @jason_grimes / jason@grimesit.com
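
Added example (not part of the original slides, and not Composer's own resolver): a build-time check, in Python, of the relationship slides 13 to 20 describe between the flexible patterns in composer.json and the exact versions in composer.lock. The names `satisfies` and `audit`, the finding messages and the sample data are assumptions made for this example; it handles the four constraint forms from slide 13 and treats any other form as a failed check.

```python
import re

CLAUSE = re.compile(r"^(>=|<|~)?v?(\d+(?:\.\d+)*)(\.\*)?$")

def key(parts):  # [1, 2] -> (1, 2, 0), so versions compare as tuples
    return tuple(parts + [0] * (3 - len(parts)))

def satisfies(version, constraint):
    """True/False for the four slide-13 forms, None for anything else."""
    if not re.fullmatch(r"v?\d+(\.\d+)*", version):
        return None
    v = key([int(n) for n in version.lstrip("v").split(".")])
    for clause in constraint.split(","):
        m = CLAUSE.match(clause.strip())
        if not m:
            return None
        op, num, star = m.groups()
        p = [int(n) for n in num.split(".")]
        if star or op == "~":         # "1.2.*" and "~1.2" are half-open ranges
            i = len(p) - 1 if star else max(len(p) - 2, 0)
            ok = key(p) <= v < key(p[:i] + [p[i] + 1])
        elif op:                      # one clause of ">=1.2,<2.0"
            ok = v >= key(p) if op == ">=" else v < key(p)
        else:                         # "1.2.3" is an exact match
            ok = v == key(p)
        if not ok:
            return False
    return True

def audit(manifest, lock):
    """Return {package: problem} for composer.json checked against composer.lock."""
    locked = {p["name"]: p["version"] for p in lock.get("packages", [])}
    findings = {}
    for name, constraint in manifest.get("require", {}).items():
        if re.match(r"php$|ext-|lib-", name):    # platform packages (slide 42)
            continue
        if re.search(r"@(dev|alpha|beta|RC)|^dev-|-dev$", constraint):
            findings[name] = "non-stable constraint"
        elif name not in locked:
            findings[name] = "missing from composer.lock"
        elif not satisfies(locked[name], constraint):
            findings[name] = "locked version fails constraint check"
    return findings

# Constructed sample input, using package names that appear in the slides.
MANIFEST = {"require": {"php": ">=5.3", "silex/silex": "~1.0", "symfony/routing": "2.3.*",
                        "pimple/pimple": ">=1.0,<2.0", "monolog/monolog": "dev-bugfix"}}
LOCK = {"packages": [{"name": "silex/silex", "version": "v1.0.0"},
                     {"name": "symfony/routing", "version": "v2.4.0"}]}
print(audit(MANIFEST, LOCK))
```

On the sample, silex/silex passes, symfony/routing is reported because the locked v2.4.0 lies outside "2.3.*", pimple/pimple is reported as unlocked, and monolog/monolog is reported because "dev-bugfix" tracks a branch.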